How BIMI Avoids Unauthorized (or Fraudulent) Use of Logos

BIMI

BIMI (Brand Indicators for Message Identification) is an email security specification that displays the brand logo next to authenticated emails, allowing email users to recognize and avoid fraudulent messages. It relies on an email authentication protocol named DMARC (Domain-based Message Authentication, Reporting & Conformance), which is used to ensure that the organization’s domain has not been spoofed.

BIMI is built on DMARC, which is used with SPF and DKIM. DKIM (DomainKeys Identified Mail) relies on cryptography to ensure that the email messages you send are not modified in transit. SPF (Sender Policy Framework) is a form of email authentication in which a domain specifies the IP addresses its mail may originate from, so that receivers can check the sending server against them.

A BIMI checker is easy to use: you enter your domain name and get the results instantly.

Although it is not mandatory to use BIMI, it is good practice: your domain is protected, and recipients get peace of mind that the messages they receive are authenticated.

With BIMI security in place, there is no way that cyber-attacks such as phishing or spear-phishing would jeopardise the system. In July 2021, Google officially rolled out BIMI for all Gmail inboxes.

Currently, BIMI is supported by the following mailbox providers:

  • Fastmail
  • Proofpoint
  • Verizon Media (Yahoo!, AOL)
  • Google

If the email is legitimate, the company logo is displayed in the recipient's inbox with the help of a BIMI record, which is a type of DNS TXT record.

How BIMI works

Organizations that use BIMI to authenticate their emails have to use Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), apply DMARC, and provide their validated trademark logos via a Verified Mark Certificate (VMC). BIMI makes sure that your organization has adopted DMARC, and that you have validated your logo with a VMC. VMCs are issued by two BIMI-qualified Certification Authorities, i.e. DigiCert and Entrust Datacard.

Requirements to join BIMI

BIMI builds brand trust, and to be a part of BIMI the following conditions need to be met:

  • The recipient’s domain needs to be DMARC authenticated.
  • The recipient’s owner needs to obtain the right certification.
  • A standing history needs to be maintained.

Frequently Asked Questions (FAQ)

Ques 1. What is BIMI?

Ans 1. BIMI stands for Brand Indicators for Message Identification. It provides email security by displaying the brand logo next to authenticated emails, allowing email users to recognize and avoid fraudulent messages.

Ques 2. Why is it important to have BIMI?

Ans 2. To protect your brand and consumers from fraudulent messages, it is important to have strong email authentication and identification.

Ques 3. What is the BIMI record?

Ans 3. It is a type of DNS TXT record that is used to record and display the brand logos within recipients' inboxes.

Ques 4. What is BIMI Radar?

Ans 4. BIMI Radar is used to track the DMARC readiness and the adoption of BIMI with companies and organizations’ domains worldwide on a daily basis.

Ques 5. How to set up DMARC?

Ans 5. To understand how to set up DMARC, you need to click here

Ques 6. How to set up a BIMI txt record?

Ans 6.  To understand how to set up a BIMI txt record, you need to click here

Ques 7. What are the steps to implement BIMI for your emails?

Ans 7. The steps involved in implementing BIMI for the emails are:

  1. Implement SPF and DKIM
  2. Implement DMARC with the enforcement policy
  3. Publish a BIMI record

Ques 8. Which tools are used to check BIMI?

Ans 8. The easiest way to check BIMI is with a BIMI lookup tool, which can be chosen from BIMI Group, MX Toolbox, Agari and Valimail.

Ques 9. Which email providers support BIMI?

Ans 9. BIMI is supported by the following mailbox providers:

  • Fastmail
  • Proofpoint
  • Verizon Media (Yahoo!, AOL)
  • Google

Ques 10. What is the reason for the BIMI logo not appearing in emails?

Ans 10. To make sure that the BIMI logo appears in emails, first make sure that you have an enforced DMARC policy (p=quarantine or p=reject) and, for Gmail, make sure you have a valid VMC.
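The checks from Ans 7 and Ans 10 can be run against the two TXT records themselves. The following is an added example, not code from this blog or from the BIMI Group: it parses a DMARC record and a BIMI record and lists what would stop the logo from showing. The records are constructed samples for `example.com`, and the function names are hypothetical.

```python
"""Added example: offline readiness check for DMARC + BIMI TXT records."""

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict of lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")  # split on the first '=' only
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means nothing blocks the logo."""
    problems = []
    dmarc = parse_tags(dmarc_txt or "")
    if dmarc.get("v", "").upper() != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        # p=none is monitoring only, not an enforced policy
        problems.append("DMARC policy not enforced")
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v", "").upper() != "BIMI1":
        problems.append("no valid BIMI record")
        return problems
    logo = bimi.get("l", "").lower()
    if not logo.startswith("https://"):
        problems.append("logo URL (l=) missing or not HTTPS")
    elif not logo.endswith(".svg"):
        problems.append("logo (l=) is not an SVG file")
    # Presence check only: the certificate itself is not validated here.
    if not bimi.get("a", "").lower().startswith("https://"):
        problems.append("VMC URL (a=) missing; Gmail needs a valid VMC")
    return problems

# Constructed sample records (what _dmarc.<domain> and
# default._bimi.<domain> would return for three hypothetical setups).
SAMPLES = {
    "ready": ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
              "v=BIMI1; l=https://example.com/logo.svg; "
              "a=https://example.com/vmc.pem"),
    "monitor-only": ("v=DMARC1; p=none",
                     "v=BIMI1; l=https://example.com/logo.svg; "
                     "a=https://example.com/vmc.pem"),
    "no-vmc": ("v=DMARC1; p=quarantine",
               "v=BIMI1; l=https://example.com/logo.svg; a="),
}

def check_samples():
    """Run the readiness check over every constructed sample."""
    return {name: bimi_readiness(d, b) for name, (d, b) in SAMPLES.items()}

if __name__ == "__main__":
    for name, problems in check_samples().items():
        print(name, "->", problems or "OK")
```
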

If you want to know more about it, then just drop an email to info@doctoolss.com or contact the undersigned.

About DocTooLss :

“We make Technology EaZy via Docs”

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/| Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/ | WordPress: https://doctoolss.wordpress.com/

Knowledge Management …!!!

Knowledge Management

What is Knowledge Management?

It is the collection of methods relating to creating, sharing, using & managing the information & knowledge within an organization.

It refers to a multidisciplinary approach to achieving organisational objectives by making the best of knowledge.

KM

Types of Knowledge Management

  1. Explicit Knowledge: Knowledge that is easy to write down & share
  2. Implicit Knowledge: Applied Knowledge
  3. Tacit Knowledge: Knowledge that is gained through personal experience

Knowledge Management Process

  • Knowledge Creation: It starts with knowledge that may come from many sources, including employees within an organization or outside individuals.
  • Knowledge Storage: The knowledge must then be structured in a knowledge management system for future use. This knowledge must not only be organized, but it also needs to include security features so that knowledge can be accessed by authorized personnel when needed.
  • Knowledge Sharing: The knowledge organization process is completed by knowledge sharing. This knowledge sharing includes everything from knowledge training to knowledge exchange, where knowledge can be acquired or enhanced through knowledge discussions.

Examples of KM: CMS, Wiki, Data Warehouse, DMS etc.

Source: https://www.ibm.com/cloud/learn/knowledge-management


News coming from INDIA “No Ban on Crypto but will be regulated”

There is a lot of buzz going around in the crypto market, and here is something that many crypto investors were waiting with bated breath to hear.

The Indian panel is NOT banning cryptocurrency. Yes, you heard it right, there is “No Ban on Crypto”, but it will be regulated by none other than the SEBI government body.

The Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 brings regulation not ban, industry sources told the Indian Electronic Media.

The following 10 points make up “The Big Story”:

It was learnt on Tuesday that the Centre could bring a Bill in the winter session of Parliament to bar all cryptocurrencies in India, barring a few exceptions, and create a framework to regulate digital currency issued by the Reserve Bank of India (RBI).

In response, all major digital currencies saw a fall of around 15 per cent and more, with Bitcoin down by around 18.53 per cent, Ethereum fell by 15.58 per cent, and Tether down by 18.29 per cent.

But as the news of regulation, not ban, came out, markets seem to be stabilising.

India has had a hot-cold relationship with crypto. The RBI had banned it in 2018 voicing “serious concerns” about private cryptocurrencies.

Then the Supreme Court of India had lifted the ban in 2020 and now in 2021 negotiations are on between industry stakeholders and the Centre to bring in a regulation that will put corrupt practices to check.

According to Blockchain and Crypto Assets Council, India holds about ₹ 6 lakh crore in crypto assets.

Last week, the Standing Committee on Finance, chaired by BJP member Jayant Sinha, met the representatives of crypto exchanges, blockchain and Crypto Assets Council (BACC), among others, and arrived at a conclusion that cryptocurrencies should not be banned, but it should be regulated.

Delivering a keynote address at the Sydney Dialogue on November 18, Prime Minister Narendra Modi had urged all countries to ensure that cryptocurrency does not “end up in the wrong hands”.

Private digital currencies have gained popularity in the past decade or so. However, regulators and governments have been sceptical about these currencies and are apprehensive about the associated risks.

Recently, there have been a rising number of advertisements promising easy and high returns on investments in cryptocurrencies, amid concerns over such currencies being allegedly used for luring investors with misleading claims.

Sources: NDTV News : click the link for more information.

If you want to know more about what’s happening in the world of Crypto, then stay connected with DocTooLss , or just drop an email to info@doctoolss.com or contact the undersigned.


Cryptocurrency heard a lot but what is it ???

Blockchain

Today, as we all try to get back to our normal lives after the COVID-19 pandemic struck, there is still something we read about daily but do not understand, i.e. cryptocurrency.

Although cryptocurrency is an ocean in itself, here we are trying to understand the basics of it. Let's see some technical terms related to cryptocurrency.

What is Cryptocurrency?

Cryptocurrency is a type of digital currency which uses digital files as money.

What is BitCoin?

Bitcoin is the best known cryptocurrency.

What are the Types of Cryptocurrency?

There are many types of cryptocurrency such as BitCoin, Ethereum, Ripple, Tether, Shiba, Sandbox etc.

Bitcoin is the best known cryptocurrency whereas a cryptocurrency is a medium of exchange.

What is Blockchain Technology?

Blockchain is a technology that uses cryptography to protect every transaction.

In technical terms, blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. Each block in the chain contains a number of transactions, and every time a new transaction occurs on the blockchain, a record of that transaction is added to every participant’s ledger.

What is the role of Blockchain in cryptocurrency?

Blockchain forms the bedrock for cryptocurrencies like Bitcoin. By spreading its operations across a network of computers, blockchain allows Bitcoin and other cryptocurrencies to operate without the need for a central authority. This not only reduces risk but also eliminates many of the processing and transaction fees.

If you want to know more about it, then just drop an email to info@doctoolss.com or contact the undersigned.


What is SIEM vs SIAM?

SIEM vs SIAM

SIEM: Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.

How does SIEM work?

It works by collecting log and event data generated by an organization's applications, security devices and host systems and bringing it together into a single centralized platform. SIEM gathers data from antivirus events, firewall logs and other locations; it sorts this data into categories, for example malware activity and failed and successful logins.

A SIEM tool identifies threats through network security monitoring: it generates an alert and assigns a threat level based on a predetermined rule set. Ex: If some user tries to log into an account 10 times in 10 minutes that is okay, but 100 times in 10 minutes might be flagged as an attempted attack.

By this, it detects threats and creates security alerts. SIEM’s custom dashboards and event management system improve investigative efficiency and reduce time wasted on false positives.

The threat detection element itself can help to detect threats in emails, cloud resources, applications, external threat intelligence sources and endpoints. This can include user and entity behaviour analytics (UEBA) which analyzes behaviours and activities to monitor for abnormal behaviours which could indicate a threat. It can also detect behaviour anomalies, lateral movement and compromised accounts.
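The login threshold rule described above (10 attempts in 10 minutes is fine, 100 in 10 minutes is flagged) can be written as a sliding-window correlation rule. This is an added example, not code from any SIEM product; the log format, user names and function names are constructed for illustration.

```python
"""Added example: sliding-window failed-login rule over constructed log lines."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
THRESHOLD = 100  # the text's example: 100 attempts in 10 minutes is flagged

def parse_event(line):
    """Parse 'ISO-timestamp EVENT user=NAME' (constructed log format)."""
    ts, event, user_field = line.split()
    return datetime.fromisoformat(ts), event, user_field.split("=", 1)[1]

def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user, raised when failures in the window hit threshold."""
    recent = defaultdict(deque)  # user -> timestamps of failures still in window
    alerted, alerts = set(), []
    for ts, event, user in sorted(parse_event(l) for l in lines):
        if event != "LOGIN_FAILED":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": user, "count": len(q),
                           "first": q[0], "last": ts, "level": "high"})
    return alerts

def build_sample_log():
    """Constructed sample: three users with different failure rates."""
    start = datetime(2024, 1, 1, 10, 0, 0)
    lines = [f"{start.isoformat()} LOGIN_OK user=alice"]
    for i in range(10):   # alice: 10 failures in 10 minutes (a user mistyping)
        t = start + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} LOGIN_FAILED user=alice")
    for i in range(100):  # bob: 100 failures, one every 5 seconds
        t = start + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} LOGIN_FAILED user=bob")
    for i in range(100):  # carol: 100 failures, but spread over 100 minutes
        t = start + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} LOGIN_FAILED user=carol")
    return lines

if __name__ == "__main__":
    for alert in detect_bruteforce(build_sample_log()):
        print(alert)
```

Only the burst is flagged: the same total of 100 failures spread over a longer period never fills the 10-minute window, which is why the rule keys on rate rather than on a raw count.
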

Main features of SIEM

  • Threat Detection
  • Investigation
  • Time to respond

SIAM: Service Integration and Management (SIAM) is an approach to managing multiple suppliers of services (business services as well as information technology services) and integrating them to provide a single business-facing IT organization.


Azure vs AWS (Battle for the No.1 Spot)…!!

AWS vs Azure

Day in, day out we talk about the cloud and the services cloud providers offer. The market today is led by AWS, followed by Azure, with GCP (Google Cloud Platform) catching up.

AWS provides around 160+ services and the count keeps growing, whereas Azure offers fewer services than AWS but is also adding more with time.

Let’s have a sneak peek at some of the important services by these market leaders:

  • AWS EC2 Vs Azure VM
  • AWS EC2 Instance Vs Azure VM Scale Sets
  • AWS S3 Vs Azure Blob Storage
  • AWS Lambda/Fargate Vs Azure Functions
  • AWS Beanstalk Vs Azure App Service
  • AWS SQS Vs Azure Queue Storage
  • AWS ELB (Elastic Load Balancer) Vs Azure Load Balancer
  • AWS VPN Vs Azure Virtual Network
  • AWS DynamoDB Vs Azure Cosmos DB
  • AWS Shield Vs Azure DDoS
  • AWS RDS Vs Azure SQL DB
  • AWS Redshift Vs Azure Synapse Analytics
  • AWS Rekognition/Lex/Polly/Transcribe Vs Azure Cognitive Service

For more information on the above AWS services, click here

For more information on the above Azure services, click here

We at DocTooLss hold AWS & Azure certifications and, day in and day out, keep ourselves well versed in the ongoing AWS & Azure cloud services.

We can even assist our clients in understanding the cloud & the services provided by them, so there is no need to go anywhere or pay a huge amount of money to big online educational institutions. Just drop an email to info@doctoolss.com or contact the undersigned.


Cyber Strategies in the New Normal

We have nearly reached the end of this pandemic year 2020, in which we have mostly spent our time at home. As we write this blog, many are still working from home, and some who have rejoined their workforce are trying to adjust to the new normal.

This year, not only IT professionals but also students and kids are attending their classes from home. Since everyone is working from home, there has been an increase in bandwidth and data utilization around the globe.

Organizations that had a business continuity plan ready had a smooth transformation to the work-from-home environment without any hindrances, which proved that CS with foresight was an efficient way for the organization. A new area of cyber is cyber innovation: risk is mitigated, and risk is all about taking a risk. Cyber innovation is an area to look at.

As per Gartner, there are five principles:
  • Continuous adaptive risk and trust assessment based on agility.
  • Secure DevOps
  • Replace the one-time security gate
  • Put the continuous security pro-actively 
  • Build the architecture with security, not with silos 

The average knowledge about cyber-attack prevention is deficient. Yes, cybercriminals are getting better all the time. But if we become proactive in our approach instead of reactive, they can be pushed back continually and hopefully sit mostly on the drawing board!

There is a positive aspect of COVID-19: it has helped companies identify that employees can work from their living rooms, whereas a lot of expenditure had gone into company infrastructure. Even our polluted environment has been helped by vehicles not being used on a daily basis.

So, the things to keep in mind during this pandemic are to secure your computer systems and to wear a mask to protect yourself and others around you.


What is Hardware Security?

Hardware Security

To know about hardware security, let's first understand what is covered under it:

  • Mobile Device Security (MDS)
  • IoT Security
  • Vulnerable Device Lists
  • Physical Security
  • Drone and Vehicles
  • SCADA
  • BIOS and UEFI
  • Self Encrypting Drives
  • Hardware Security Module

Mobile Device Security (MDS)

When we first insert a SIM (Subscriber Identity Module) into a mobile, a pop-up message asks for a SIM PIN, which acts as a SIM locking mechanism and protects one's information, such as SMS text messages, contact lists, subscriber information etc.

IoT Security

To know about the IoT security, please check our previous blog, click here.

Physical Security

This covers lockdown cables for laptops and computers, and securing the servers. There are also locked server room racks.

Drones and Vehicles

Drones are considered to be normal aircraft fitted with cameras. The firmware in a drone has geo-fencing software. Vehicles have internal networks; the one that carries the crucial functions of a vehicle is called the “Controller Area Network (CAN)”.

SCADA

This stands for Supervisory Control and Data Acquisition, which is used to control industrial processes such as manufacturing or critical infrastructure like water, electricity and oil refineries. It consists of both hardware and software to make all this happen. There are some protocols which also work with it, like DNP3, T101 etc.

BIOS and UEFI

A web page labelled “BIOS Simulator Center” opens in a web browser. It contains a sample simulator labelled “Lenovo BIOS Setup Utility”. It is divided into two parts, i.e. the menu bar and the content pane.

Self Encrypting Drives

This provides protection at the hardware level for the data stored on a drive if the drive, or the device housing the drive, is lost or stolen. Depending on the configuration of the self-encrypting drive, it might not require any user interaction after it’s configured.

Hardware Security Module (HSM)

It provides protection and storage for cryptographic secrets at the hardware or firmware level and supports hardware crypto processing. HSMs are FIPS 140-2 compliant, which means that they are compliant with US government security standards for cryptographic modules.

What do we know about IoT Security?

IoT Security

What is Internet of Things (IoT)?

We read a lot about IoT but are not clear what exactly it means, although we know its definition, so here we explain it in simple terms. IoT is basically the connecting of computing devices, mechanical and digital machines, objects, and people with one another. Ex: wirelessly connected devices such as smart speakers, i.e. our very own Amazon Alexa or Google Home, smart TVs, Apple Watch, internet-connected baby monitors, video doorbells, and even toys and CCTV cameras controlled by smartphones.

What is IoT Security?

IoT security is the technology area concerned with safeguarding the connected devices and networks in the internet of things (IoT).

What is the difference between IoT and AI?

IoT is a concept based on the idea of everyday physical objects with the ability to communicate directly over the Internet. Artificial Intelligence (AI), on the other hand, is an area of computer science to create machines to do intelligent things the way humans do, or possibly even better.

Source: Wikipedia

How to safeguard our IoT from breachers or attackers?

Sensor-based things have minimal computing resources, so the opportunities for antivirus, encryption and other forms of protection within things are more restricted.

  • Security of Things Platform by Mocana
  • IoT Gateway Security by Intel
  • The Forescout Platform by Forescout Technologies
  • Armis Platform by Armis
  • Enhanced Infrastructure Protection by Intel
  • Beacon by Great Bay Software

Source: Gartner

There are many more vendors, for more information on this, please click here.

